I've been struggling with this for the past day and there are little-to-no resources available online for integrating Chrome Extensions and Mixpanel. I'd like for this thread to by the one that people refer to when dealing with integrating Mixpanel into a Chrome extension.
The goal of my Mixpanel integration is to be able to track events both with my content script content.js
as well as my popup.js
(so basically across my whole extension)
I have a popup.html file that calls <script src="mixpanel.js"></script>
right before the </head>
tag.
In my mixpanel.js
file is:
(function(e,b){if(!b.__SV){var a,f,i,g;window.mixpanel=b;a=e.createElement("script");a.type="text/javascript";a.async=!0;a.src=("https:"===e.location.protocol?"https:":"http:")+'//cdn.mxpnl.com/libs/mixpanel-2.2.min.js';f=e.getElementsByTagName("script")[0];f.parentNode.insertBefore(a,f);b._i=[];b.init=function(a,e,d){function f(b,h){var a=h.split(".");2==a.length&&(b=b[a[0]],h=a[1]);b[h]=function(){b.push([h].concat(Array.prototype.slice.call(arguments,0)))}}var c=b;"undefined"!==
typeof d?c=b[d]=[]:d="mixpanel";c.people=c.people||[];c.toString=function(b){var a="mixpanel";"mixpanel"!==d&&(a+="."+d);b||(a+=" (stub)");return a};c.people.toString=function(){return c.toString(1)+".people (stub)"};i="disable track track_pageview track_links track_forms register register_once alias unregister identify name_tag set_config people.set people.increment people.append people.track_charge people.clear_charges people.delete_user".split(" ");for(g=0;g<i.length;g++)f(c,i[g]);b._i.push([a,
e,d])};b.__SV=1.2}})(document,window.mixpanel||[]);
mixpanel.init("MY_TOKEN");
When I click on my extension's button and inspect it, the console outputs the following error:
Refused to load the script 'http://cdn.mxpnl.com/libs/mixpanel-2.2.min.js' because it violates the following Content Security Policy directive: "script-src 'self' https://cdn.mxpnl.com".
Here is the permissions section of my manifest.json
file:
"permissions": ["https://twitter.com/"],
"content_security_policy": "script-src 'self' https://cdn.mxpnl.com; object-src 'self'"
The extension needs to work on Twitter.
I've read the Content Security Policy doc that Google wrote which has not been helpful
Any idea what I'm doing wrong here? Any help would be very appreciated!
The above answer incomplete. You have to do one more thing.
Step 1: Adding HTTPS
Do what the other answer told you to do, change the mixpanel code, change
http://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js
tohttps://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js
Step 2: Modifying content security in your
manifest.json
Update the
content_security_policy
property in yourmanifest.json
:{ ..., "content_security_policy": "script-src 'self' https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js; object-src 'self'", ... }
This relaxes the default content security policy.
Step 3 [optional]: Adding Google Analytics
If you also want Google Analytics as well, you can add it like this:
{ ..., "content_security_policy": "script-src 'self' https://ssl.google-analytics.com https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js; object-src 'self'", ... }
I learned how to do this from Google's own tutorial on how to add Google Analytics.
The problem here is that Chrome doesn't allow extensions to load remote resources over plain HTTP; only HTTPS is allowed:
Your
mixpanel.js
script attempts to loadhttp://cdn.mxpnl.com/libs/mixpanel-2.2.min.js
instead of the correspondinghttps:
link. To fix this, simply change the line:to:
It's currently loading the
http:
version becausewindow.location.protocol
ischrome-extension:
, rather thanhttps:
. This change simply forces loading of thehttps:
version always.You could use this script to load mixpanel from custom url.